Do you have the drive to engage in cyber security risk & compliance to protect organizations from potential security exposures or threats? If your answer is yes, we have the right opportunity for you!
Work you'll do
As an Assistant Manager, GRC - Cyber Program Design and Governance on the Cyber Security team, you will be responsible for:
- Executing vendor information security risk assessments aligned to Deloitte’s governance, risk, and compliance objectives
- Reviewing vendor security programs, processes, and controls to identify risks to Deloitte data, systems, networks, and facilities
- Documenting assessment results, communicating findings to stakeholders, and tracking remediation plans through closure
- Collaborating with vendors, internal business stakeholders, subject matter specialists, and Cyber Security leadership across onshore and offshore teams
- Supporting vendor policy compliance activities and cyber security awareness initiatives across the organization
The team
The Deloitte Technology team helps power Deloitte’s success. It is the engine that helps to drive Deloitte, which serves many of the world’s largest organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~3,000 professionals in Deloitte Technology deliver services internally including:
- Cyber security
- Technology support
- Technology & Infrastructure
- Application development and management
- Relationship management group
- Strategy
- Deployment
- PMO
- Financials
Cyber Security
Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic cyber risk program that adapts to a rapidly changing threat landscape and to changes in business strategies, risks, and vulnerabilities. By using situational awareness and threat intelligence, and by building a security culture across the organization, the team helps to protect the Deloitte brand.
Areas of Risk & Compliance focus include:
- Client ODCs
- Security Contract Reviews
- Vendor Assessments
- Security Awareness
- Audits & Assessments
Location: Hyderabad
Shift Timings: Indian Standard Time
Qualifications
Required:
- Bachelor’s degree in Computer Science, Business Administration, or equivalent educational or professional experience
- 6-9 years of experience in information security; technology risk; governance, risk, and compliance; vendor risk management; audit; controls testing; risk assessment; or remediation management
- Experience reviewing third-party or vendor information security programs, processes, and controls
- Experience with control frameworks and regulatory standards, including Service Organization Control 2 (SOC 2), International Organization for Standardization 27001 (ISO 27001), National Institute of Standards and Technology 800-53 (NIST 800-53), Public Company Accounting Oversight Board (PCAOB), or Cloud Security Alliance (CSA)
- Experience with Governance, Risk & Compliance (GRC) tools
- Experience preparing assessment reports, findings, and remediation tracking for stakeholders
- Experience assessing security controls for cloud services
Preferred:
- Experience implementing information security programs
- Experience conducting information security audits or assessments
- Experience supporting vendor remediation management activities
- Industry certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH), ISO 27001, ISO 27002, or ISO 22301